Warning: Permanently added '10.128.1.99' (ED25519) to the list of known hosts. 2025/05/26 15:16:18 ignoring optional flag "sandboxArg"="0" 2025/05/26 15:16:18 parsed 1 programs [ 297.993578][ T30] audit: type=1400 audit(1748272578.974:67): avc: denied { node_bind } for pid=5845 comm="syz-execprog" saddr=::1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:node_t tclass=tcp_socket permissive=1 [ 299.857101][ T30] audit: type=1400 audit(1748272580.844:68): avc: denied { mounton } for pid=5854 comm="syz-executor" path="/syzcgroup/unified" dev="sda1" ino=2023 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:root_t tclass=dir permissive=1 [ 299.860697][ T5854] cgroup: Unknown subsys name 'net' [ 299.879896][ T30] audit: type=1400 audit(1748272580.844:69): avc: denied { mount } for pid=5854 comm="syz-executor" name="/" dev="cgroup2" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 299.907226][ T30] audit: type=1400 audit(1748272580.874:70): avc: denied { unmount } for pid=5854 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:cgroup_t tclass=filesystem permissive=1 [ 300.047897][ T5854] cgroup: Unknown subsys name 'cpuset' [ 300.055865][ T5854] cgroup: Unknown subsys name 'rlimit' [ 300.222385][ T30] audit: type=1400 audit(1748272581.204:71): avc: denied { setattr } for pid=5854 comm="syz-executor" name="raw-gadget" dev="devtmpfs" ino=820 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1 [ 300.269779][ T30] audit: type=1400 audit(1748272581.204:72): avc: denied { create } for pid=5854 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 300.290408][ T30] audit: type=1400 audit(1748272581.204:73): avc: denied { write } for pid=5854 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 300.311299][ T30] audit: type=1400 audit(1748272581.204:74): avc: denied { read } for pid=5854 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 300.331931][ T30] audit: type=1400 audit(1748272581.214:75): avc: denied { mounton } for pid=5854 comm="syz-executor" path="/proc/sys/fs/binfmt_misc" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=dir permissive=1 [ 300.342203][ T5857] SELinux: Context root:object_r:swapfile_t is not valid (left unmapped). [ 300.357054][ T30] audit: type=1400 audit(1748272581.214:76): avc: denied { mount } for pid=5854 comm="syz-executor" name="/" dev="binfmt_misc" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:binfmt_misc_fs_t tclass=filesystem permissive=1 [ 301.260374][ T5854] Adding 124996k swap on ./swap-file. Priority:0 extents:1 across:124996k [ 302.869632][ T5862] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 303.019604][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 303.019618][ T30] audit: type=1401 audit(1748272584.004:102): op=setxattr invalid_context="u:object_r:app_data_file:s0:c512,c768" [ 303.060600][ T30] audit: type=1400 audit(1748272584.044:103): avc: denied { create } for pid=5869 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 303.080717][ T30] audit: type=1400 audit(1748272584.044:104): avc: denied { read write } for pid=5869 comm="syz-executor" name="vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 303.086080][ T5871] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 303.104828][ T30] audit: type=1400 audit(1748272584.044:105): avc: denied { open } for pid=5869 comm="syz-executor" path="/dev/vhci" dev="devtmpfs" ino=1268 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:vhost_device_t tclass=chr_file permissive=1 [ 303.112465][ T5871] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 303.135388][ T30] audit: type=1400 audit(1748272584.054:106): avc: denied { ioctl } for pid=5869 comm="syz-executor" path="socket:[4571]" dev="sockfs" ino=4571 ioctlcmd=0x48c9 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bluetooth_socket permissive=1 [ 303.143083][ T5871] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 303.176727][ T5871] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 303.184227][ T5871] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 304.208285][ T30] audit: type=1400 audit(1748272585.194:107): avc: denied { module_request } for pid=5891 comm="syz-executor" kmod="rtnl-link-nicvf" scontext=root:sysadm_r:sysadm_t tcontext=system_u:system_r:kernel_t tclass=system permissive=1 [ 304.271194][ T5891] chnl_net:caif_netlink_parms(): no params data found [ 304.338878][ T5891] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.346843][ T5891] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.354044][ T5891] bridge_slave_0: entered allmulticast mode [ 304.361563][ T5891] bridge_slave_0: entered promiscuous mode [ 304.369941][ T5891] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.377369][ T5891] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.385172][ T5891] bridge_slave_1: entered allmulticast mode [ 304.391876][ T5891] bridge_slave_1: entered promiscuous mode [ 304.415890][ T5891] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 304.426721][ T5891] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 304.450212][ T5891] team0: Port device team_slave_0 added [ 304.459391][ T5891] team0: Port device team_slave_1 added [ 304.482375][ T5891] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 304.489716][ T5891] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 304.515962][ T5891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 304.528897][ T5891] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 304.536165][ T5891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 304.562363][ T5891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 304.595964][ T5891] hsr_slave_0: entered promiscuous mode [ 304.602054][ T5891] hsr_slave_1: entered promiscuous mode [ 304.699169][ T5891] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 304.709820][ T5891] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 304.720179][ T5891] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 304.729556][ T5891] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 304.749144][ T5891] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.756420][ T5891] bridge0: port 2(bridge_slave_1) entered forwarding state [ 304.764303][ T5891] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.771461][ T5891] bridge0: port 1(bridge_slave_0) entered forwarding state [ 304.812458][ T5891] 8021q: adding VLAN 0 to HW filter on device bond0 [ 304.828407][ T5891] 8021q: adding VLAN 0 to HW filter on device team0 [ 304.839945][ T5039] bridge0: port 1(bridge_slave_0) entered disabled state [ 304.848886][ T5039] bridge0: port 2(bridge_slave_1) entered disabled state [ 304.863862][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 304.871368][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 304.883796][ T5039] bridge0: port 2(bridge_slave_1) entered blocking state [ 304.890950][ T5039] bridge0: port 2(bridge_slave_1) entered forwarding state [ 304.947988][ T30] audit: type=1400 audit(1748272585.934:108): avc: denied { sys_module } for pid=5891 comm="syz-executor" capability=16 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability permissive=1 [ 305.027672][ T5891] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 305.062386][ T5891] veth0_vlan: entered promiscuous mode [ 305.071725][ T5891] veth1_vlan: entered promiscuous mode [ 305.092826][ T5891] veth0_macvtap: entered promiscuous mode [ 305.102696][ T5891] veth1_macvtap: entered promiscuous mode [ 305.118469][ T5891] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 305.131186][ T5891] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 305.142035][ T5891] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.150919][ T5891] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.159686][ T5891] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.168437][ T5891] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 305.278939][ T5039] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.337020][ T5039] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.416211][ T5039] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.489249][ T5039] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 305.516937][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 305.527204][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 305.554043][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 305.562696][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 305.878185][ T30] audit: type=1400 audit(1748272586.864:109): avc: denied { create } for pid=5921 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=user_namespace permissive=1 [ 305.926662][ T30] audit: type=1400 audit(1748272586.864:110): avc: denied { sys_admin } for pid=5921 comm="syz-executor" capability=21 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 [ 305.975370][ T30] audit: type=1400 audit(1748272586.964:111): avc: denied { sys_chroot } for pid=5922 comm="syz-executor" capability=18 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=cap_userns permissive=1 2025/05/26 15:16:27 executed programs: 0 [ 306.830371][ T5125] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 306.838557][ T5125] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 306.846650][ T5125] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 306.855981][ T5125] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 306.864098][ T5125] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 306.982284][ T5946] chnl_net:caif_netlink_parms(): no params data found [ 307.036883][ T5946] bridge0: port 1(bridge_slave_0) entered blocking state [ 307.043988][ T5946] bridge0: port 1(bridge_slave_0) entered disabled state [ 307.051538][ T5946] bridge_slave_0: entered allmulticast mode [ 307.058446][ T5946] bridge_slave_0: entered promiscuous mode [ 307.066645][ T5946] bridge0: port 2(bridge_slave_1) entered blocking state [ 307.073739][ T5946] bridge0: port 2(bridge_slave_1) entered disabled state [ 307.081360][ T5946] bridge_slave_1: entered allmulticast mode [ 307.088835][ T5946] bridge_slave_1: entered promiscuous mode [ 307.116253][ T5946] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 307.127989][ T5946] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 307.153429][ T5946] team0: Port device team_slave_0 added [ 307.161182][ T5946] team0: Port device team_slave_1 added [ 307.179964][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 307.187916][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.214197][ T5946] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 307.228055][ T5946] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 307.235101][ T5946] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 307.261665][ T5946] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 307.293639][ T5946] hsr_slave_0: entered promiscuous mode [ 307.300714][ T5946] hsr_slave_1: entered promiscuous mode [ 307.306803][ T5946] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 307.314564][ T5946] Cannot create hsr debugfs directory [ 308.566110][ T30] audit: type=1400 audit(1748272589.554:112): avc: denied { search } for pid=5479 comm="dhcpcd" name="/" dev="tmpfs" ino=1 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 308.624328][ T5039] bridge_slave_1: left allmulticast mode [ 308.631483][ T5039] bridge_slave_1: left promiscuous mode [ 308.639730][ T5039] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.651070][ T5039] bridge_slave_0: left allmulticast mode [ 308.658648][ T5039] bridge_slave_0: left promiscuous mode [ 308.664498][ T5039] bridge0: port 1(bridge_slave_0) entered disabled state [ 308.682332][ T30] audit: type=1400 audit(1748272589.664:113): avc: denied { read } for pid=5957 comm="dhcpcd-run-hook" name="resolv.conf" dev="tmpfs" ino=1837 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 308.707913][ T30] audit: type=1400 audit(1748272589.664:114): avc: denied { open } for pid=5957 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1837 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 308.735585][ T30] audit: type=1400 audit(1748272589.664:115): avc: denied { getattr } for pid=5957 comm="dhcpcd-run-hook" path="/run/dhcpcd/hook-state/resolv.conf" dev="tmpfs" ino=1837 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 308.904672][ T5871] Bluetooth: hci0: command tx timeout [ 308.928024][ T30] audit: type=1400 audit(1748272589.914:116): avc: denied { write } for pid=5956 comm="dhcpcd-run-hook" name="hook-state" dev="tmpfs" ino=1836 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 308.959786][ T30] audit: type=1400 audit(1748272589.914:117): avc: denied { add_name } for pid=5956 comm="dhcpcd-run-hook" name="resolv.conf.eth1.link" scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 309.002433][ T30] audit: type=1400 audit(1748272589.984:118): avc: denied { remove_name } for pid=5967 comm="rm" name="resolv.conf.eth1.link" dev="tmpfs" ino=2034 scontext=system_u:system_r:dhcpc_t tcontext=system_u:object_r:tmpfs_t tclass=dir permissive=1 [ 309.058772][ T5039] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 309.074185][ T5039] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 309.087106][ T5039] bond0 (unregistering): Released all slaves [ 309.189496][ T5039] hsr_slave_0: left promiscuous mode [ 309.197697][ T5039] hsr_slave_1: left promiscuous mode [ 309.203699][ T5039] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 309.214922][ T5039] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 309.228766][ T5039] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 309.236305][ T5039] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 309.259818][ T5039] veth1_macvtap: left promiscuous mode [ 309.266753][ T5039] veth0_macvtap: left promiscuous mode [ 309.272395][ T5039] veth1_vlan: left promiscuous mode [ 309.278276][ T5039] veth0_vlan: left promiscuous mode [ 309.605879][ T5039] team0 (unregistering): Port device team_slave_1 removed [ 309.629836][ T5039] team0 (unregistering): Port device team_slave_0 removed [ 309.973676][ T5946] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 309.991594][ T5946] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 310.007130][ T5946] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 310.018048][ T5946] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 310.123528][ T5946] 8021q: adding VLAN 0 to HW filter on device bond0 [ 310.142608][ T5946] 8021q: adding VLAN 0 to HW filter on device team0 [ 310.451226][ T63] bridge0: port 1(bridge_slave_0) entered blocking state [ 310.458387][ T63] bridge0: port 1(bridge_slave_0) entered forwarding state [ 310.499684][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 310.506823][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 310.873049][ T5946] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 310.964029][ T5946] veth0_vlan: entered promiscuous mode [ 310.974774][ T5871] Bluetooth: hci0: command tx timeout [ 311.003413][ T5946] veth1_vlan: entered promiscuous mode [ 311.070832][ T5946] veth0_macvtap: entered promiscuous mode [ 311.089410][ T5946] veth1_macvtap: entered promiscuous mode [ 311.126140][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 311.138564][ T5946] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 311.158278][ T5946] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.168465][ T5946] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.177902][ T5946] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.186942][ T5946] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 311.284711][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.292546][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 311.316950][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 311.325379][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 311.368085][ T6027] netlink: 'syz.0.16': attribute type 10 has an invalid length. [ 311.384091][ T6027] team0: Port device wlan1 added [ 311.413054][ T6028] netlink: 'syz.0.17': attribute type 10 has an invalid length. [ 311.439022][ T6029] netlink: 'syz.0.18': attribute type 10 has an invalid length. [ 311.459858][ T6030] netlink: 'syz.0.19': attribute type 10 has an invalid length. [ 311.485427][ T6031] netlink: 'syz.0.20': attribute type 10 has an invalid length. [ 311.508544][ T6032] netlink: 'syz.0.21': attribute type 10 has an invalid length. [ 311.537194][ T6033] netlink: 'syz.0.22': attribute type 10 has an invalid length. [ 311.564353][ T6034] netlink: 'syz.0.23': attribute type 10 has an invalid length. [ 311.586927][ T6035] netlink: 'syz.0.24': attribute type 10 has an invalid length. [ 311.619388][ T6036] netlink: 'syz.0.25': attribute type 10 has an invalid length. 2025/05/26 15:16:32 executed programs: 19 [ 313.056087][ T5871] Bluetooth: hci0: command tx timeout [ 315.134662][ T5871] Bluetooth: hci0: command tx timeout [ 316.380346][ T6313] validate_nla: 276 callbacks suppressed [ 316.380361][ T6313] netlink: 'syz.0.302': attribute type 10 has an invalid length. [ 316.405725][ T6314] netlink: 'syz.0.303': attribute type 10 has an invalid length. [ 316.422879][ T6315] netlink: 'syz.0.304': attribute type 10 has an invalid length. [ 316.461625][ T6316] netlink: 'syz.0.305': attribute type 10 has an invalid length. [ 316.478650][ T6317] netlink: 'syz.0.306': attribute type 10 has an invalid length. [ 316.495155][ T6318] netlink: 'syz.0.307': attribute type 10 has an invalid length. [ 316.519830][ T6319] netlink: 'syz.0.308': attribute type 10 has an invalid length. [ 316.536240][ T6320] netlink: 'syz.0.309': attribute type 10 has an invalid length. [ 316.552808][ T6321] netlink: 'syz.0.310': attribute type 10 has an invalid length. [ 316.591547][ T6322] netlink: 'syz.0.311': attribute type 10 has an invalid length. 2025/05/26 15:16:37 executed programs: 307 [ 316.817974][ T1295] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.827916][ T1295] ieee802154 phy1 wpan1: encryption failed: -22 [ 321.389751][ T6592] validate_nla: 269 callbacks suppressed [ 321.389762][ T6592] netlink: 'syz.0.581': attribute type 10 has an invalid length. [ 321.414211][ T6593] netlink: 'syz.0.582': attribute type 10 has an invalid length. [ 321.439790][ T6594] netlink: 'syz.0.583': attribute type 10 has an invalid length. [ 321.459407][ T6595] netlink: 'syz.0.584': attribute type 10 has an invalid length. [ 321.477072][ T6596] netlink: 'syz.0.585': attribute type 10 has an invalid length. [ 321.493103][ T6597] netlink: 'syz.0.586': attribute type 10 has an invalid length. [ 321.519459][ T6598] netlink: 'syz.0.587': attribute type 10 has an invalid length. [ 321.536151][ T6599] netlink: 'syz.0.588': attribute type 10 has an invalid length. [ 321.552188][ T6600] netlink: 'syz.0.589': attribute type 10 has an invalid length. [ 321.580093][ T6601] netlink: 'syz.0.590': attribute type 10 has an invalid length. 2025/05/26 15:16:42 executed programs: 589 [ 322.091771][ T5125] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 322.099788][ T5125] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 322.107295][ T5125] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 322.116879][ T5125] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 322.130398][ T5125] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 322.281326][ T6628] chnl_net:caif_netlink_parms(): no params data found [ 322.328903][ T6628] bridge0: port 1(bridge_slave_0) entered blocking state [ 322.336172][ T6628] bridge0: port 1(bridge_slave_0) entered disabled state [ 322.343305][ T6628] bridge_slave_0: entered allmulticast mode [ 322.350813][ T6628] bridge_slave_0: entered promiscuous mode [ 322.360187][ T6628] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.367830][ T6628] bridge0: port 2(bridge_slave_1) entered disabled state [ 322.375046][ T6628] bridge_slave_1: entered allmulticast mode [ 322.381731][ T6628] bridge_slave_1: entered promiscuous mode [ 322.411390][ T1313] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.426435][ T6628] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 322.437703][ T6628] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 322.462461][ T6628] team0: Port device team_slave_0 added [ 322.470929][ T6628] team0: Port device team_slave_1 added [ 322.482759][ T1313] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.511285][ T6628] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 322.518468][ T6628] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 322.544479][ T6628] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 322.556307][ T6628] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 322.563245][ T6628] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 322.589722][ T6628] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 322.606026][ T1313] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.639557][ T6628] hsr_slave_0: entered promiscuous mode [ 322.646679][ T6628] hsr_slave_1: entered promiscuous mode [ 322.661546][ T1313] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 322.777571][ T1313] bridge_slave_1: left allmulticast mode [ 322.783926][ T1313] bridge_slave_1: left promiscuous mode [ 322.791604][ T1313] bridge0: port 2(bridge_slave_1) entered disabled state [ 322.800399][ T1313] bridge_slave_0: left allmulticast mode [ 322.806933][ T1313] bridge_slave_0: left promiscuous mode [ 322.812621][ T1313] bridge0: port 1(bridge_slave_0) entered disabled state [ 322.990521][ T1313] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 323.000755][ T1313] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 323.010379][ T1313] bond0 (unregistering): Released all slaves [ 323.135320][ T1313] [ 323.137686][ T1313] ====================================================== [ 323.144706][ T1313] WARNING: possible circular locking dependency detected [ 323.151710][ T1313] 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 Not tainted [ 323.158797][ T1313] ------------------------------------------------------ [ 323.165792][ T1313] kworker/u8:6/1313 is trying to acquire lock: [ 323.171922][ T1313] ffff88802517ce00 (team->team_lock_key#2){+.+.}-{4:4}, at: team_del_slave+0x31/0x1b0 [ 323.181485][ T1313] [ 323.181485][ T1313] but task is already holding lock: [ 323.188826][ T1313] ffff888068730768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf0/0x720 [ 323.199100][ T1313] [ 323.199100][ T1313] which lock already depends on the new lock. [ 323.199100][ T1313] [ 323.209492][ T1313] [ 323.209492][ T1313] the existing dependency chain (in reverse order) is: [ 323.218501][ T1313] [ 323.218501][ T1313] -> #1 (&rdev->wiphy.mtx){+.+.}-{4:4}: [ 323.226216][ T1313] __mutex_lock+0x199/0xb90 [ 323.231244][ T1313] ieee80211_open+0x132/0x210 [ 323.236427][ T1313] __dev_open+0x2e7/0x7d0 [ 323.241260][ T1313] netif_open+0xf2/0x160 [ 323.246004][ T1313] dev_open+0xb2/0x260 [ 323.250576][ T1313] team_add_slave+0xaf0/0x21a0 [ 323.255842][ T1313] do_set_master+0x40f/0x730 [ 323.260935][ T1313] do_setlink.constprop.0+0xe66/0x44b0 [ 323.266898][ T1313] rtnl_newlink+0x1446/0x2000 [ 323.272079][ T1313] rtnetlink_rcv_msg+0x95e/0xe90 [ 323.277541][ T1313] netlink_rcv_skb+0x16d/0x440 [ 323.282810][ T1313] netlink_unicast+0x53a/0x7f0 [ 323.288086][ T1313] netlink_sendmsg+0x8d1/0xdd0 [ 323.293374][ T1313] ____sys_sendmsg+0xa95/0xc70 [ 323.298654][ T1313] ___sys_sendmsg+0x134/0x1d0 [ 323.303834][ T1313] __sys_sendmsg+0x16d/0x220 [ 323.308926][ T1313] do_syscall_64+0xcd/0x260 [ 323.313939][ T1313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 323.320335][ T1313] [ 323.320335][ T1313] -> #0 (team->team_lock_key#2){+.+.}-{4:4}: [ 323.328488][ T1313] __lock_acquire+0x1173/0x1ba0 [ 323.333850][ T1313] lock_acquire+0x179/0x350 [ 323.338865][ T1313] __mutex_lock+0x199/0xb90 [ 323.343875][ T1313] team_del_slave+0x31/0x1b0 [ 323.348972][ T1313] team_device_event+0xd0/0x770 [ 323.354331][ T1313] notifier_call_chain+0xbc/0x410 [ 323.359865][ T1313] call_netdevice_notifiers_info+0xbe/0x140 [ 323.366267][ T1313] unregister_netdevice_many_notify+0xf9a/0x26f0 [ 323.373104][ T1313] unregister_netdevice_queue+0x305/0x3f0 [ 323.379330][ T1313] _cfg80211_unregister_wdev+0x64b/0x830 [ 323.385468][ T1313] ieee80211_remove_interfaces+0x34e/0x720 [ 323.391784][ T1313] ieee80211_unregister_hw+0x55/0x3a0 [ 323.397679][ T1313] hwsim_exit_net+0x3ac/0x7d0 [ 323.402861][ T1313] ops_exit_list+0xb3/0x180 [ 323.407875][ T1313] cleanup_net+0x5c1/0xb30 [ 323.412798][ T1313] process_one_work+0x9cf/0x1b70 [ 323.418255][ T1313] worker_thread+0x6c8/0xf10 [ 323.423349][ T1313] kthread+0x3c2/0x780 [ 323.427917][ T1313] ret_from_fork+0x45/0x80 [ 323.432833][ T1313] ret_from_fork_asm+0x1a/0x30 [ 323.438107][ T1313] [ 323.438107][ T1313] other info that might help us debug this: [ 323.438107][ T1313] [ 323.448313][ T1313] Possible unsafe locking scenario: [ 323.448313][ T1313] [ 323.455742][ T1313] CPU0 CPU1 [ 323.461089][ T1313] ---- ---- [ 323.466435][ T1313] lock(&rdev->wiphy.mtx); [ 323.470920][ T1313] lock(team->team_lock_key#2); [ 323.478360][ T1313] lock(&rdev->wiphy.mtx); [ 323.485368][ T1313] lock(team->team_lock_key#2); [ 323.490300][ T1313] [ 323.490300][ T1313] *** DEADLOCK *** [ 323.490300][ T1313] [ 323.498422][ T1313] 5 locks held by kworker/u8:6/1313: [ 323.503683][ T1313] #0: ffff88801c2f3948 ((wq_completion)netns){+.+.}-{0:0}, at: process_one_work+0x12a2/0x1b70 [ 323.514021][ T1313] #1: ffffc90004387d18 (net_cleanup_work){+.+.}-{0:0}, at: process_one_work+0x929/0x1b70 [ 323.523923][ T1313] #2: ffffffff90112ed0 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xc9/0xb30 [ 323.533220][ T1313] #3: ffffffff90128d68 (rtnl_mutex){+.+.}-{4:4}, at: ieee80211_unregister_hw+0x4d/0x3a0 [ 323.543036][ T1313] #4: ffff888068730768 (&rdev->wiphy.mtx){+.+.}-{4:4}, at: ieee80211_remove_interfaces+0xf0/0x720 [ 323.553747][ T1313] [ 323.553747][ T1313] stack backtrace: [ 323.559647][ T1313] CPU: 0 UID: 0 PID: 1313 Comm: kworker/u8:6 Not tainted 6.15.0-rc7-syzkaller-00175-g0f8c0258bf04 #0 PREEMPT(full) [ 323.559669][ T1313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 323.559680][ T1313] Workqueue: netns cleanup_net [ 323.559702][ T1313] Call Trace: [ 323.559708][ T1313] [ 323.559714][ T1313] dump_stack_lvl+0x116/0x1f0 [ 323.559736][ T1313] print_circular_bug+0x275/0x350 [ 323.559758][ T1313] check_noncircular+0x14c/0x170 [ 323.559780][ T1313] __lock_acquire+0x1173/0x1ba0 [ 323.559804][ T1313] lock_acquire+0x179/0x350 [ 323.559824][ T1313] ? team_del_slave+0x31/0x1b0 [ 323.559839][ T1313] ? __pfx___might_resched+0x10/0x10 [ 323.559857][ T1313] ? __pfx___mutex_trylock_common+0x10/0x10 [ 323.559880][ T1313] __mutex_lock+0x199/0xb90 [ 323.559901][ T1313] ? team_del_slave+0x31/0x1b0 [ 323.559914][ T1313] ? find_held_lock+0x2b/0x80 [ 323.559930][ T1313] ? team_del_slave+0x31/0x1b0 [ 323.559944][ T1313] ? __pfx___mutex_lock+0x10/0x10 [ 323.559967][ T1313] ? team_del_slave+0x31/0x1b0 [ 323.559980][ T1313] team_del_slave+0x31/0x1b0 [ 323.559995][ T1313] team_device_event+0xd0/0x770 [ 323.560010][ T1313] notifier_call_chain+0xbc/0x410 [ 323.560029][ T1313] ? __pfx_team_device_event+0x10/0x10 [ 323.560045][ T1313] call_netdevice_notifiers_info+0xbe/0x140 [ 323.560067][ T1313] unregister_netdevice_many_notify+0xf9a/0x26f0 [ 323.560089][ T1313] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 323.560112][ T1313] ? find_held_lock+0x2b/0x80 [ 323.560128][ T1313] unregister_netdevice_queue+0x305/0x3f0 [ 323.560146][ T1313] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 323.560166][ T1313] _cfg80211_unregister_wdev+0x64b/0x830 [ 323.560183][ T1313] ieee80211_remove_interfaces+0x34e/0x720 [ 323.560203][ T1313] ? __pfx_ieee80211_remove_interfaces+0x10/0x10 [ 323.560225][ T1313] ieee80211_unregister_hw+0x55/0x3a0 [ 323.560239][ T1313] hwsim_exit_net+0x3ac/0x7d0 [ 323.560259][ T1313] ? __pfx_hwsim_exit_net+0x10/0x10 [ 323.560276][ T1313] ? ip_vs_sync_net_cleanup+0x72/0xb0 [ 323.560293][ T1313] ? __ip_vs_dev_cleanup_batch+0xb1/0x290 [ 323.560308][ T1313] ? __pfx_hwsim_exit_net+0x10/0x10 [ 323.560329][ T1313] ops_exit_list+0xb3/0x180 [ 323.560346][ T1313] cleanup_net+0x5c1/0xb30 [ 323.560364][ T1313] ? __pfx_cleanup_net+0x10/0x10 [ 323.560383][ T1313] ? rcu_is_watching+0x12/0xc0 [ 323.560401][ T1313] process_one_work+0x9cf/0x1b70 [ 323.560419][ T1313] ? __pfx_process_one_work+0x10/0x10 [ 323.560436][ T1313] ? assign_work+0x1a0/0x250 [ 323.560450][ T1313] worker_thread+0x6c8/0xf10 [ 323.560467][ T1313] ? __kthread_parkme+0x19e/0x250 [ 323.560488][ T1313] ? __pfx_worker_thread+0x10/0x10 [ 323.560503][ T1313] kthread+0x3c2/0x780 [ 323.560516][ T1313] ? __pfx_kthread+0x10/0x10 [ 323.560528][ T1313] ? __pfx_kthread+0x10/0x10 [ 323.560540][ T1313] ? __pfx_kthread+0x10/0x10 [ 323.560552][ T1313] ? __pfx_kthread+0x10/0x10 [ 323.560565][ T1313] ? rcu_is_watching+0x12/0xc0 [ 323.560580][ T1313] ? __pfx_kthread+0x10/0x10 [ 323.560593][ T1313] ret_from_fork+0x45/0x80 [ 323.560608][ T1313] ? __pfx_kthread+0x10/0x10 [ 323.560620][ T1313] ret_from_fork_asm+0x1a/0x30 [ 323.560644][ T1313] [ 323.869825][ T1313] team0: Port device wlan1 removed [ 324.000708][ T6628] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 324.013404][ T1313] hsr_slave_0: left promiscuous mode [ 324.019085][ T1313] hsr_slave_1: left promiscuous mode [ 324.025218][ T1313] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 324.032621][ T1313] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 324.040179][ T1313] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 324.047968][ T1313] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 324.056898][ T1313] veth1_macvtap: left promiscuous mode [ 324.062360][ T1313] veth0_macvtap: left promiscuous mode [ 324.067974][ T1313] veth1_vlan: left promiscuous mode [ 324.073219][ T1313] veth0_vlan: left promiscuous mode [ 324.149437][ T1313] team0 (unregistering): Port device team_slave_1 removed [ 324.164165][ T1313] team0 (unregistering): Port device team_slave_0 removed [ 324.176244][ T5125] Bluetooth: hci1: command tx timeout [ 324.230114][ T6628] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 324.238281][ T6628] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 324.247583][ T6628] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 324.311656][ T6628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 324.326218][ T6628] 8021q: adding VLAN 0 to HW filter on device team0 [ 324.336006][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 324.343073][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 324.372801][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 324.379941][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 324.531649][ T6628] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 324.553473][ T6628] veth0_vlan: entered promiscuous mode [ 324.562083][ T6628] veth1_vlan: entered promiscuous mode [ 324.576756][ T6628] veth0_macvtap: entered promiscuous mode [ 324.583824][ T6628] veth1_macvtap: entered promiscuous mode [ 324.594063][ T6628] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 324.604122][ T6628] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 324.613546][ T6628] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.623520][ T6628] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.632265][ T6628] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.641758][ T6628] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 324.662032][ T6628] ieee80211 phy7: Selected rate control algorithm 'minstrel_ht' [ 324.677690][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 324.679885][ T6628] ieee80211 phy8: Selected rate control algorithm 'minstrel_ht' [ 324.693625][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 324.708056][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 324.715984][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 324.740213][ T6671] team0: Port device wlan1 added [ 326.254597][ T5125] Bluetooth: hci1: command tx timeout [ 326.418056][ T6770] validate_nla: 124 callbacks suppressed [ 326.418068][ T6770] netlink: 'syz.0.715': attribute type 10 has an invalid length. [ 326.438664][ T6771] netlink: 'syz.0.716': attribute type 10 has an invalid length. [ 326.496676][ T6772] netlink: 'syz.0.717': attribute type 10 has an invalid length. [ 326.510969][ T6773] netlink: 'syz.0.718': attribute type 10 has an invalid length. [ 326.524322][ T6774] netlink: 'syz.0.719': attribute type 10 has an invalid length. [ 326.557635][ T6775] netlink: 'syz.0.720': attribute type 10 has an invalid length. [ 326.571805][ T6776] netlink: 'syz.0.721': attribute type 10 has an invalid length. [ 326.585863][ T6777] netlink: 'syz.0.722': attribute type 10 has an invalid length. [ 326.618511][ T6778] netlink: 'syz.0.723': attribute type 10 has an invalid length. [ 326.632253][ T6779] netlink: 'syz.0.724': attribute type 10 has an invalid length. 2025/05/26 15:16:47 executed programs: 719 [ 328.334613][ T5125] Bluetooth: hci1: command tx timeout [ 330.415189][ T5125] Bluetooth: hci1: command tx timeout [ 331.457874][ T7066] validate_nla: 286 callbacks suppressed [ 331.457890][ T7066] netlink: 'syz.0.1011': attribute type 10 has an invalid length. [ 331.480964][ T7067] netlink: 'syz.0.1012': attribute type 10 has an invalid length. [ 331.494833][ T7068] netlink: 'syz.0.1013': attribute type 10 has an invalid length. [ 331.517731][ T7069] netlink: 'syz.0.1014': attribute type 10 has an invalid length. [ 331.531058][ T7070] netlink: 'syz.0.1015': attribute type 10 has an invalid length. [ 331.544363][ T7071] netlink: 'syz.0.1016': attribute type 10 has an invalid length. [ 331.588577][ T7072] netlink: 'syz.0.1017': attribute type 10 has an invalid length. [ 331.602111][ T7073] netlink: 'syz.0.1018': attribute type 10 has an invalid length. [ 331.615420][ T7074] netlink: 'syz.0.1019': attribute type 10 has an invalid length. [ 331.648834][ T7075] netlink: 'syz.0.1020': attribute type 10 has an invalid length. 2025/05/26 15:16:52 executed programs: 1016